Daniel Veillard <veillard redhat com> wrote on 05/17/2011 08:47:11 PM:
> Like Dan I'm worried by removing this functionality. As far as I
> know most switches learn IP from their clients using ARP snooping,
> this is I think more resilient and minimize disruption in case of
> port switching.
Daniel,
Although I don't agree, I plan to add the option. I was hoping
to make DHCP snooping the default, at least.
What concerns me is that the existing mechanism can be almost
trivially subverted, so it may create a false sense of security. It
really is not spoof protection in general -- but that is the point
of the filtering. If you believe the VM when it tells you it can
use an IP address, filtering just means he has to reboot in between
hijacking multiple addresses he wants to spoof.
There should be no reason why DHCP wouldn't work on a migrated
VM as well (the expectation being that the address, and therefore subnet
and DHCP server) would continue to work in the new location.
Static addresses (or a set of possible IP addresses, with
the other patches I plan) can be used if you need to avoid DHCP,
of course. Then an admin could give a list of allowed addresses
and the VM could use any (or all) of that set, configured through
any mechanism.
I'm pressed for time at the moment, so it may be a few weeks
before I have the revisions to resubmit. But my plan is to incorporate
all of the comments I've seen so far in that revision.
+-DLS